Meta

Cyberwars: Stuxnet and Cryptolocker

It’s been quite the year for cybercops, cybercriminals, and all those of us who are caught in between. Between viruses which continue to involve and viruses that target sensitive information in new ways, it seems clear that the information age is fraught with peril. In addition to cyberwars raging between nations, there is also the danger of guerrilla warfare and the digital weapons running amok.

Consider the Stuxnet virus, a piece of programming that made headlines last year by sabotaging the Iranian nuclear enrichment program. At the time, the target – not to mention its source (within the US) – seemed all too convenient to have been unintentional. However, this year, Stuxnet is once again garnering attention thanks to its latest target: the International Space Station.

Apparently, this has been the result of the virus having gone rogue, or at least become too big for its creators to control. In addition to the ISS, the latest reports state that Stuxnet is hitting nuclear plants in countries for which the virus was not originally intended. In one case, the virus even managed to infect an internal network at a Russian power planet that wasn’t even connected to the internet.

According to Eugene Kaspersky, famed head of IT security at Kaspersky Labs, the virus can travel through methods other than internet connectivity, such as via optical media or a USB drive. Kaspersky claims that this is apparently how it made its way aboard the ISS, and that it was brought aboard on more than one occasion through infected USB drives.

For the moment, it is unclear how this virus will be taken care of, or whether or not it will continue to grow beyond any single organization’s ability to control it. All that is clear at this point is that this particular virus has returned to its original handlers. For the time being, various nations and multinational corporations are looking to harden their databases and infrastructure against cyber attack, with Stuxnet in mind.

And they are not the only ones who need to be on their guard about protecting against intrusion. Average consumers are only at risk of having their databases being accessed by an unwanted digital visitor, one that goes by the name of Cryptolocker. Designed with aggressive salesmanship – and blackmail – in mind, this virus is bringing fears about personal information being accessed to new heights.

Basically, the Cryptolocker works by finding people’s most important and sensitive files and selling it back to them. After obtaining the files its needs, it then contacts a remote server to create a 2048-bit key pair to encrypt them so they cannot be recovered, and then contacts the owner with an ultimatum. People are told to pay up, or the virus will begin deleting the info.

When the virus first emerged in October of this year, victims were given three days to cough up roughly $200 via BitCoin or MoneyPak currency transfer. If the virus’ authors did not receive payment within 72 hours, they said, a single line would be deleted from a text file on some hidden foreign server, forever erasing the only string of numbers that could ever bring the affected files back from the dead.

Some users responded by simply setting their system’s internal clock back. A temporary measure, to be sure, but one which worked by tricking the virus into thinking the deadline had not expired. In addition, the three-day deadline worked against the viruses makers, since it’s proven restrictive to the types of people who mostly contract a virus like this – i.e. senior citizens and people working on corporate networks.

Such people are more vulnerable to such scams, but seldom have the computer-savvy skills to to set up BitCoin or other such accounts and transfer the money in time. Meanwhile, infecting a corporate server means that a bloated corporate bureaucracies will be responsible for making the decision of whether or not to pay, not an individual who can decide quickly.

So basically, the designers of Cryptolocker were facing a catch-22. They could not extend the deadline on the virus without diminishing the sense of panic that makes many people pay, but would continue to lose money as long as people couldn’t pay. Their solution: If a victim does not pay up in time, the hackers simply raise the ransom – by a factor of 10!

This allows people more time to mull over the loss of sensitive data and make a decision, but by that time – should they decide to pay up – the price tag has gone up to a bloated $2000. Luckily, this has revealed a crucial bluff in the virus’s workings by showing that all the keys to the encrypted files are in fact not deleted after the three day time limit.

As such, the security industry is encouraging people to hold on to the useless, encrypted files and waiting for the criminal server to be someday seized by the authorities. Since any ransom paid is a de-facto encouragement to hackers to write a similar virus again — or indeed to re-infect the same companies twice – people are currently being told to simply hold out and not pay up.

What’s more, regular backups are the key to protecting your database from viruses like Cryptolocker. Regular backups to off-network machines that do not auto-sync will minimize the virus’ potential for damage. The best defense is even simpler: Cryptolocker infects computers via a bogus email attachment disguised as a PDF file, so simple email safety should keep you immune.

Alas, its a world of digital warfare, and there there are no discernible sides. Just millions of perpetrators, dozens of authorities, and billions of people fearing for the safety and integrity of their data. One can only wonder what an age of quantum computers, graphene and nanotube processors will bring. But more on that later!